A bug which could allow arbitrary code execution has been discovered, Red Hat alerted, and patches exist. So, a simple yum update should take care of things. In addition, Red Hat offers a command line which may be used to test for the vulnerability.
The command below may produce different warnings; however, the following result is that of a vulnerable system.
# env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test
After running yum update on October 1, 2014, which should include all the applied fixes, the result of the same command is the following, which is good.
# env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test
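To run the same check across many hosts without reading the output by eye, the result can be classified in a script. The following is an added example, not part of the original post or of Red Hat's article; the function names and the status strings are assumptions, and the two sample variables are constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example: classify the output of the test command shown above.

# Reads captured output (stdout and stderr) on stdin.
# Prints one of: vulnerable | not-vulnerable | inconclusive
classify_shellshock_output() {
    out=$(cat)
    # A line consisting solely of "vulnerable" means the echo was executed.
    # Match the whole line (-x): bash error messages can quote the text
    # "echo vulnerable" without having run it.
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$out" | grep -qx 'test'; then
        # The harmless command ran and the injected echo did not.
        echo not-vulnerable
    else
        # bash never ran "echo test" (missing binary, wrong path, ...).
        echo inconclusive
    fi
}

# Run the check against a given bash binary (default: bash found in PATH).
check_bash() {
    bash_bin=${1:-bash}
    env 'x=() { :;}; echo vulnerable' \
        'BASH_FUNC_x()=() { :;}; echo vulnerable' \
        "$bash_bin" -c "echo test" 2>&1 | classify_shellshock_output
}

# Constructed samples, copied from the two outputs shown above.
SAMPLE_VULNERABLE="vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token \`)'
bash: BASH_FUNC_x(): line 0: \`BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for \`BASH_FUNC_x'
test"
SAMPLE_PATCHED="bash: warning: x: ignoring function definition attempt
bash: error importing function definition for \`BASH_FUNC_x'
test"

# Usage: sh thisfile --check [/path/to/bash]
if [ "${1:-}" = "--check" ]; then
    check_bash "${2:-bash}"
fi
```

A result of inconclusive means the command did not run at all and the host should be checked by hand.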
Source(s)
https://access.redhat.com/articles/1200223